FastCGI mod_fastcgi FastCgiSuexec Vhosts Privilege Escalation

2003-01-19T00:00:00
ID OSVDB:6474
Type osvdb
Reporter Michael Richards (michael@fastmail.ca)
Modified 2003-01-19T00:00:00

Description

Vulnerability Description

FastCGI mod_fastcgi contains a flaw that may allow privilege escalation. The issue occurs when the FastCgiWrapper (FastCgiSuexec) is used together with servers in a virtual host (vhost) configuration. In some situations, mod_fastcgi fails to invoke the wrapper (suexec) because it assumes it already has the required privileges. As a result, some applications receive the privileges of the server directly (often 'root') instead of the limited privileges they should receive via the wrapper. This may allow some users to run custom CGIs with full root privileges, causing a loss of integrity.

Solution Description

Upgrade to version 2.4.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.fastcgi.com/
Vendor Specific Advisory URL